Date: Thu, 9 Nov 2000 13:04:19 +1100 From: "Chris Cason" <casonc@netplex.aussie.org> To: <freebsd-security@FreeBSD.ORG> Cc: "Mike Tancsa" <mike@sentex.net> Subject: Re: IPSEC tunnels fail with -stable kernel? Message-ID: <003c01c049f1$b24bec40$023a1dac@dsat.net.au> References: <5.0.0.25.0.20001108115420.076aeeb0@marble.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
> I havent tested it in a week or so. What sort of keying are you using ? > Manual or racoon ? I am just rebuilding my two test boxes so I cant test it > just yet. Manual. Everything is done using the setkey utility; I don't use GIF or anything else. The tunnels just *stopped* the instant I put in the new kernel. As far as I can tell there's nothing wrong with sending data (e.g. a 'new' kernel system can ping an 'old' kernel system via an IPSEC tunnel and the old system will receive and reply to the ping with its own ESP packet going back to the originator, but it is then 'lost' in the sending system's kernel). A 'new' system talking to another 'new' system is just one way - the ESP gets to the destination but never emerges from it. If anyone else can confirm this problem and/or suggest a work-around I'd appreciate it. -- Chris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003c01c049f1$b24bec40$023a1dac>